Agent-Media UGC Playbook

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation establishes an orchestration logic that ingests untrusted user data (scripts and descriptions) and interpolates it into prompts for media generation and social publishing tools. This creates an attack surface for indirect prompt injection.
  • Ingestion points: Video script, character description, and visual description fields processed in SKILL.md patterns.
  • Boundary markers: The playbook does not instruct the agent to use specific delimiters or protective instructions when handling these untrusted inputs.
  • Capability inventory: The agent is granted access to multiple media generation tools (mcp__agent-media__*) and social publishing capabilities.
  • Sanitization: The documentation references platform-level SSRF guards and content policies as mitigation measures.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 06:37 AM
Security Audit — agent-trust-hub — Agent-Media UGC Playbook